package com.example.swagger.config;

//import org.springframework.context.annotation.Bean;
//import org.springframework.http.HttpMethod;
//import org.springframework.security.config.Customizer;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.web.SecurityFilterChain;

import org.springframework.context.annotation.Configuration;

@Configuration
public class SecurityConfig {

//    @Bean
//    public SecurityFilterChain filterChain1(HttpSecurity http) throws Exception {
//        http
//                .authorizeHttpRequests(authz -> authz
//                        .requestMatchers("/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html").permitAll()
//                        .requestMatchers(HttpMethod.GET, "/user/info", "/api/foos/**")
//                        .hasAuthority("SCOPE_springdoc.read")
//                        .requestMatchers(HttpMethod.POST, "/api/foos")
//                        .hasAuthority("SCOPE_springdoc.write")
//                        .anyRequest()
//                        .authenticated())
//                .oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()));
//        return http.build();
//    }

}

// OpenAPI 的文档接口的安全配置，参考 springdoc-openapi 官网 https://github.com/springdoc/springdoc-openapi-demos/blob/master/demo-oauth2/oauth-resource-server-webmvc/src/main/java/org/springdoc/demo/resource/config/SecurityConfig.java
// 另一个参考 https://github.com/springdoc/springdoc-openapi-demos/blob/master/demo-oauth2/oauth-authorization-server/src/main/java/org/springdoc/demo/auth/SecurityConfig.java